Cybersecurity


ICA to explore impact of ransomware on financial crime compliance

2021-10-27T14:50:00+01:00 By GRC Announcements

The International Compliance Association will explore the impact of ransomware on financial crime compliance on Nov. 16 as part of a free webinar.

Compliance Week National Conference is going back in person in May

2021-10-25T12:00:00+01:00

Mark your calendars: Compliance Week’s National Conference in Washington, D.C. will be held in person for the first time in nearly three years from May 16-18, 2022.

Hacker

FinCEN report: Ransomware SARs surge past 2020 totals

2021-10-18T20:45:00+01:00

A Financial Crimes Enforcement Network report on financial trends in Bank Secrecy Act data found a greater number of SARs related to ransomware filed between January and June 2021 than during all of 2020.

United States cyber

How to respond to government’s renewed emphasis on cybersecurity

2021-10-15T20:30:00+01:00

The Department of Justice’s new Civil Cyber-Fraud Initiative is the latest development to suggest companies’ cybersecurity defenses had better be up to snuff when doing business with the U.S. government or risk enforcement.

DOJ

DOJ to enforce False Claims Act in regulating contractor data breaches

2021-10-07T18:12:00+01:00

The Department of Justice will use the False Claims Act to pursue cases of cybersecurity-related fraud by government contractors and grant recipients—including claims against entities that fail to report breaches and hacks in a timely manner.

Neiman Marcus

Neiman Marcus data breach exposes personal info of 4.6M customers

2021-10-04T18:47:00+01:00

Luxury retailer Neiman Marcus discovered last month a May 2020 data breach that exposed personal and financial information contained in the online accounts of approximately 4.6 million customers.

White paper: 2021 Consumer Cybersecurity Poll Executive Report

2021-10-01T05:12:00+01:00

To uncover Americans’ top cybersecurity concerns, CSI partnered with The Harris Poll to survey more than 2,000 U.S. adults age 18 and above about their perceptions, fears and expectations related to cybersecurity.

Cybersecurity Best Practices for the Compliance Practitioner

Introducing: Cybersecurity training customized for compliance

2021-09-28T13:31:00+01:00 By Darren R. Hayes, CW Cybersecurity Course Author

The professor who created CW’s first-ever self-directed learning module explains what compliance practitioners can expect to get out of the course—and why it’s an essential tool in an evolving cyber-risk landscape.

cybersecurity

On-demand training: Protect your company from cyber risks

2021-09-28T10:01:00+01:00

Take this self-directed, interactive course to deepen your understanding of cybersecurity risks and learn about the latest regulations to keep your organization compliant and prepared for today’s dangerous cyber-environment.

Treasury Department

Treasury sanctions virtual currency exchange as part of ransomware response

2021-09-21T20:43:00+01:00

The U.S. Department of the Treasury announced “robust actions” to counter ransomware, including blocking the assets of a Russian virtual currency exchange that has facilitated payments for at least eight ransomware variants.

CPE Webcast: Defending yourself from ransomware third-party risks

2021-09-02T14:00:00+01:00

Ransomware continues to dominate headlines with no sign of slowing down. What started more than 30 years ago has become one of the most prevalent and lucrative cyberattacks that does not discriminate by company size, industry, or geography.

Cyber-security

SEC sanctions 8 over email breaches

2021-08-31T16:42:00+01:00

The Securities and Exchange Commission penalized eight firms across three separate actions for breaches of employee email accounts that exposed the personal information of thousands of customers in each case.

Bank risk

Banking guidance: Six key areas of FinTech due diligence

2021-08-30T16:27:00+01:00

Three federal banking regulators have released guidance offering tips and suggestions to community banks for conducting due diligence on potential FinTech partners.

T-Mobile

CEO: T-Mobile ‘humbled’ by data breach, taking steps to prevent future attacks

2021-08-27T15:51:00+01:00

T-Mobile CEO Mike Sievert lamented the recent breach of company servers that led to a hacker stealing the personal information of nearly 55 million customers, but said the company is “fully committed to take our security efforts to the next level.”

T-Mobile

T-Mobile ups compromised customer account total to 55M

2021-08-20T13:45:00+01:00

A “highly sophisticated” cyber-attack illegally accessed nearly 55 million customer records of mobile phone carrier T-Mobile, the largest such attack against the company that has been hit at least four previous times since 2018.

T-Mobile the least surprising data breach of 2021

2021-08-18T16:10:00+01:00

Cyber-attacks catch most companies and their customers off guard, but T-Mobile, the victim of at least five data breaches since 2018, had many red flags indicating its vulnerability ahead of its latest incident.

Pearson

Pearson fined $1M for misleading data breach disclosures

2021-08-17T20:21:00+01:00

U.K.-based education company Pearson has agreed to pay $1 million as part of a settlement with the Securities and Exchange Commission for misleading investors regarding a 2018 data breach.

FINRA

FINRA notice outlines key areas for supervising third parties

2021-08-17T15:40:00+01:00

The Financial Industry Regulatory Authority issued a notice on compliance deficiencies arising from firms’ relationships with vendors culled from examination findings.

Investigations

What factors are driving change in your corporate investigations process?

2021-08-10T15:00:00+01:00

A recent survey from Compliance Week and OpenText reveals while investigations and data volumes are on the rise, machine learning combined with external expertise may give companies the upper hand in accelerating response and results.

Q&A: How Kaiser Permanente has handled change brought by COVID-19

2021-08-06T14:24:00+01:00

Vanessa Benavides, chief compliance and privacy officer and senior VP at Kaiser Permanente, shares how the company adjusted its policies and procedures because of COVID-19 and the lessons she learned along the way.

Walmart

Judge dismisses CCPA-related lawsuit against Walmart

2021-08-02T16:46:00+01:00

A federal judge in California dismissed a lawsuit alleging a data breach at Walmart was a violation of the California Consumer Privacy Act, noting the plaintiff failed to prove a breach occurred.

CPE Webcast: Incident and breach management 101

2021-07-29T14:00:00+01:00

Today’s breach landscape is unprecedented and complex. Every organization is facing potential enforcement of many interconnected and overlapping laws in multiple jurisdictions, each with restrictive timelines. In this complex environment, it is not enough to have a response plan. Your organization needs a response system.

Robinhood

Robinhood Crypto anticipates $10M penalty for cyber, AML failures

2021-07-07T18:26:00+01:00

Robinhood Markets said its cryptocurrency platform might face a penalty of “at least” $10 million from the New York State Department of Financial Services for anti-money laundering and cyber-security failures.

British Airways settles 2018 data breach class action

2021-07-07T16:50:00+01:00

British Airways has settled one of the U.K.’s largest group actions after thousands of people sought compensation following a 2018 data breach that resulted in the airline being fined under the GDPR.

Ransomware

TPRM 2021: What to do before, during, and after a ransomware attack

2021-07-07T14:21:00+01:00

Two risk and compliance practitioners opened their cyber-playbooks at CW’s TPRM virtual event, explaining how to identify and address vulnerabilities, establish transparency with vendors, and strengthen an organization’s incident management program.

Ransomware

Takeaways from NYDFS ransomware guidance

2021-07-06T16:41:00+01:00

The New York State Department of Financial Services has issued guidance for regulated entities describing best practices for reducing the risk of a ransomware attack.

Linda Tuck Chapman

Pandemic effect on TPRM practices here to stay, expert warns

2021-06-29T17:54:00+01:00

With many businesses still sorting through the new layers of risk that have emerged over the last 16 months, Linda Tuck Chapman of the Third Party Risk Institute shared her top areas of focus and more at CW’s virtual TPRM event.

McDonalds

Big week for breaches: McDonald’s, Carnival, and more

2021-06-18T19:20:00+01:00

Multiple high-profile companies—including Carnival, Wegmans, McDonald’s, Volkswagen, and CVS—have confirmed in recent days they were either victims of a data breach or were alerted to a gap in their security controls.

Exposed files

First American Financial settles SEC charges for cyber-security failures

2021-06-15T16:04:00+01:00

First American Financial Corp. reached a $487,616 settlement with the SEC for failing to maintain cyber-security disclosure controls and procedures that exposed more than 800 million title insurance records containing sensitive customer information.

SEC office

SEC rulemaking list 2021: ESG, cyber-risk governance among highlights

2021-06-14T18:55:00+01:00

The SEC’s spring 2021 rulemaking list is brimming with proposed regulations that would enhance ESG-related disclosures for public companies in areas like climate change, board diversity, human capital management, and cyber-security risk governance.

JBS ransom

JBS USA confirms $11M ransom payment to hackers

2021-06-10T20:23:00+01:00

Meatpacker JBS USA announced it paid the equivalent of $11 million in ransom in response to a May cyber-attack that impacted its operations in North America and Australia.

Assessing yet another ransomware attack on critical supplier (JBS)

2021-06-02T18:50:00+01:00

Meatpacker JBS USA has become the latest critical infrastructure company to be targeted by a ransomware attack, which temporarily halted its global operations. The attack brings with it implications for the food and agriculture industries.

Ransomware

Colonial Pipeline fallout: Thwarting ransomware attacks requires collective defense

2021-06-01T18:11:00+01:00

President Biden’s executive order on cyber-security largely applies to federal agencies. But its core message—that the public and private sectors must collectively defend against increasingly malicious ransomware attacks—should not be lost on companies.

Cloud data

Survey: Data access further complicated by emerging privacy laws

2021-05-21T16:50:00+01:00

A recent survey of 100 executives from Fortune 500 companies found more than half are struggling to balance easy access to company data with privacy and security compliance under laws like the GDPR and CCPA.

Cloud supply chain

New NIST revisions expand scope of cyber supply chain risk management guidance

2021-05-20T18:04:00+01:00

The National Institute of Standards and Technology is seeking comment on a revised version of its cyber supply chain risk management guidance that is intended for a broader audience of public and private companies.

CPE Webcast: TPCRM best practices that reduce supply chain risk

2021-05-20T14:00:00+01:00

Organizations are adopting digital transformation and, as a result, increasing their reliance on third parties faster than they can scale their third-party cyber-risk management programs.

Hackers

SEC fines broker-dealer $1.5M for SARs filing failures

2021-05-12T18:01:00+01:00

GWFS Equities will pay $1.5 million as part of a settlement with the SEC for lapses in the filing of suspicious activity reports related to the threat of cyber-breaches.

James Comey: Lessons from Enron era will ‘become real again’

2021-05-11T20:17:00+01:00

Former FBI Director James Comey kicked off Compliance Week’s 16th annual National Conference on Tuesday by speaking candidly about a variety of risk and compliance matters, including the importance of a strong ethical culture in the coming post-pandemic “boom times.”

AI

What you need to know about proposed EU rules for trustworthy AI

2021-04-29T18:27:00+01:00

With various levels of defined risk and the potential for steep fines for offenders, the European Commission’s recent proposal to ensure trust in the use of artificial intelligence should receive urgent attention from industries beyond Big Tech.

Coronavirus office

Six best practices for managing cyber-security upon return to office

2021-04-23T13:18:00+01:00 By Marc Gilman, CW guest columnist

The hybrid work environment many organizations are expected to utilize as part of the gradual return to the workplace presents numerous cyber-security risks that require proactive attention.

Data money

Fines key attention to data privacy from boards, says ICO head

2021-04-21T15:04:00+01:00

The threat of fines has done more to focus boardroom attention on data privacy and effective cyber-security than any other measure, U.K. Information Commissioner Elizabeth Denham believes.

New chief compliance officer, same Facebook

2021-04-16T14:29:00+01:00

It isn’t surprising to see Facebook think it doesn’t have an ethical obligation to alert users to its latest data leak, writes Kyle Brasseur, but it is disappointing knowing the company now has a chief compliance officer in place.

U.S. sanctions Russia over SolarWinds hack

2021-04-15T19:52:00+01:00

The Treasury Department announced sanctions against Russia implemented under an executive order from President Joe Biden in response to the SolarWinds hack and alleged election interference by the country.

Video: Kudos to whistleblower chief Jane Norberg on successful SEC tenure

2021-04-15T18:03:00+01:00 By Compliance Week

Aaron Nicodemus applauds outgoing SEC whistleblower chief Jane Norberg for “revolutionizing” the program and the agency, while Kyle Brasseur laments Facebook’s ethical bungling of its recent data leak.

Facebook

Facebook facing 10th GDPR probe over data leak

2021-04-14T17:10:00+01:00

The Irish Data Protection Commission has launched an inquiry into Facebook over concerns the social media giant may not have properly disclosed the full extent of its recent data leak.

Facebook privacy

Facebook’s new leak: Assessing its liability under the GDPR

2021-04-08T20:19:00+01:00

Old personal data of more than 533 million Facebook users was recently made publicly available on a hacker forum. Could the social media giant face a new investigation under the GDPR in response?

Facebook

Irish DPC seeking answers on Facebook breach

2021-04-07T19:37:00+01:00

The Irish Data Protection Commission has reached out to Facebook seeking to determine whether the social media giant’s weekend data breach should receive scrutiny under the General Data Protection Regulation.

breach

Data breach disclosures drop in 2020, report says

2021-04-07T18:44:00+01:00

Cyber-breach disclosures in 2020 were down 19 percent from 2019—the first drop in the statistic in five years, according to a new report from Audit Analytics.

Booking

Booking.com fined $557K under GDPR for reporting data breach late

2021-04-01T20:55:00+01:00

Online reservation website Booking.com has been fined €475,000 (U.S. $557,000) by the Dutch Data Protection Authority for reporting a data breach 22 days later than the 72 hours required under the GDPR.

Video: More scrutiny coming to data breach disclosures?

2021-04-01T19:50:00+01:00 By Compliance Week

Aly McDevitt assesses controversial data breach disclosures from U.K. retailer FatFace and technology vendor Ubiquiti in light of a report Congress is considering stricter requirements for reporting data breaches.